Hi there! Our analysis has discovered that your project contains a call to unserialize that can be changed to improve the project’s security.
Calling unserialize() without specifying the allowed_classes option allows unrestricted unserialization, potentially exposing your project to a security risk.
Even though not all calls to unserialize() operate on user-provided input, it is recommended to update all calls to use the relevant limited set of allowed_classes.
Our analysis, which was verified by a member of our team, has found a call to unserialize in your project that can be altered to use the allowed_classes option with a reduced set of classes.
This PR contains an update for this call, which restricts the set of classes allowed to be unserialized to just the User class, which our analysis has determined to be the only class that should be unserialized.
This PR is the result of an academic research project. Our goal is to provide meaningful information for developers (like you) on how to better secure their project. If you have any questions or feedback, please reply to this issue.
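To illustrate what the `allowed_classes` change does at runtime, here is an added example (not the PR's own diff, and not code from the project). It assumes a simple stand-in `User` class and a second `Other` class representing any class that should never be instantiated from serialized data.

```php
<?php
declare(strict_types=1);

// Stand-in for the project's User class (assumption: the real class is not shown here).
final class User
{
    public function __construct(public string $name = '', public int $id = 0) {}
}

// Stand-in for any class that serialized input should never be able to instantiate.
final class Other
{
    public string $note = 'should not be created from serialized input';
}

// Constructed sample payloads, as the project might receive them from storage or a request.
$userPayload  = serialize(new User('alice', 42));
$otherPayload = serialize(new Other());

// Before the change: unrestricted unserialize() instantiates whatever class the payload names.
$unrestricted = unserialize($otherPayload);
$unrestrictedCreatesOther = $unrestricted instanceof Other;          // true

// After the change: only User may be instantiated. Any other class in the payload
// is turned into __PHP_Incomplete_Class instead, so its magic methods never run.
$options = ['allowed_classes' => [User::class]];

$user    = unserialize($userPayload, $options);
$blocked = unserialize($otherPayload, $options);

$restrictedKeepsUser   = $user instanceof User;                      // true
$restrictedBlocksOther = $blocked instanceof __PHP_Incomplete_Class; // true

// Defensive follow-up: after the restricted call, still verify the decoded value
// is exactly the type the caller expects before using it.
if (!$user instanceof User) {
    throw new UnexpectedValueException('Serialized data did not decode to a User');
}

printf(
    "unrestricted creates Other: %s, restricted keeps User: %s, restricted blocks Other: %s\n",
    var_export($unrestrictedCreatesOther, true),
    var_export($restrictedKeepsUser, true),
    var_export($restrictedBlocksOther, true)
);
```

Note that `unserialize()` itself always returns an object for valid input; the `allowed_classes` option only controls which classes are instantiated, so the explicit `instanceof` check is what turns a blocked payload into a handled error.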